CVE-2024-57884: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()

The task sometimes continues looping in throttle_direct_reclaim() because allow_direct_reclaim(pgdat) keeps returning false.

  #0 [ffff80002cb6f8d0] __switch_to at ffff8000080095ac
  #1 [ffff80002cb6f900] __schedule at ffff800008abbd1c
  #2 [ffff80002cb6f990] schedule at ffff800008abc50c
  #3 [ffff80002cb6f9b0] throttle_direct_reclaim at ffff800008273550
  #4 [ffff80002cb6fa20] try_to_free_pages at ffff800008277b68
  #5 [ffff80002cb6fae0] __alloc_pages_nodemask at ffff8000082c4660
  #6 [ffff80002cb6fc50] alloc_pages_vma at ffff8000082e4a98
  #7 [ffff80002cb6fca0] do_anonymous_page at ffff80000829f5a8
  #8 [ffff80002cb6fce0] __handle_mm_fault at ffff8000082a5974
  #9 [ffff80002cb6fd90] handle_mm_fault at ffff8000082a5bd4

At this point, the pgdat contains the following two zones:

  NODE: 4  ZONE: 0  ADDR: ffff00817fffe540  NAME: "DMA32"
    SIZE: 20480  MIN/LOW/HIGH: 11/28/45
    VM_STAT:
      NR_FREE_PAGES: 359
      NR_ZONE_INACTIVE_ANON: 18813
      NR_ZONE_ACTIVE_ANON: 0
      NR_ZONE_INACTIVE_FILE: 50
      NR_ZONE_ACTIVE_FILE: 0
      NR_ZONE_UNEVICTABLE: 0
      NR_ZONE_WRITE_PENDING: 0
      NR_MLOCK: 0
      NR_BOUNCE: 0
      NR_ZSPAGES: 0
      NR_FREE_CMA_PAGES: 0

  NODE: 4  ZONE: 1  ADDR: ffff00817fffec00  NAME: "Normal"
    SIZE: 8454144  PRESENT: 98304  MIN/LOW/HIGH: 68/166/264
    VM_STAT:
      NR_FREE_PAGES: 146
      NR_ZONE_INACTIVE_ANON: 94668
      NR_ZONE_ACTIVE_ANON: 3
      NR_ZONE_INACTIVE_FILE: 735
      NR_ZONE_ACTIVE_FILE: 78
      NR_ZONE_UNEVICTABLE: 0
      NR_ZONE_WRITE_PENDING: 0
      NR_MLOCK: 0
      NR_BOUNCE: 0
      NR_ZSPAGES: 0
      NR_FREE_CMA_PAGES: 0

In allow_direct_reclaim(), while processing ZONE_DMA32, the sum of inactive/active file-backed pages calculated in zone_reclaimable_pages() based on the result of zone_page_state_snapshot() is zero. Additionally, since this system lacks swap, the calculation of inactive/active anonymous pages is skipped.

  crash> p nr_swap_pages
  nr_swap_pages = $1937 = { counter = 0 }

As a result, ZONE_DMA32 is deemed unreclaimable and skipped, moving on to the processing of the next zone, ZONE_NORMAL, despite ZONE_DMA32 having free pages significantly exceeding the high watermark.

The problem is that the pgdat->kswapd_failures hasn't been incremented.

  crash> px ((struct pglist_data *) 0xffff00817fffe540)->kswapd_failures
  $1935 = 0x0

This is because the node is deemed balanced. The node balancing logic in balance_pgdat() evaluates all zones collectively. If one or more zones (e.g., ZONE_DMA32) have enough free pages to meet their watermarks, the entire node is deemed balanced. This causes balance_pgdat() to exit early before incrementing the kswapd_failures, as it considers the overall memory state acceptable, even though some zones (like ZONE_NORMAL) remain under significant pressure.

The patch ensures that zone_reclaimable_pages() includes free pages (NR_FREE_PAGES) in its calculation when no other reclaimable pages are available (e.g., file-backed or anonymous pages). This change prevents zones like ZONE_DMA32, which have sufficient free pages, from being mistakenly deemed unreclaimable. By doing so, the patch ensures proper node balancing, avoids masking pressure on other zones like ZONE_NORMAL, and prevents infinite loops in throttle_direct_reclaim() caused by allow_direct_reclaim(pgdat) repeatedly returning false.

The kernel hangs due to a task stuck in throttle_direct_reclaim(), caused by a node being incorrectly deemed balanced despite pressure in certain zones, such as ZONE_NORMAL. This issue arises from zone_reclaimable_pages ---truncated---
AI Analysis
Technical Summary
CVE-2024-57884 is a vulnerability in the Linux kernel's memory management subsystem, specifically within the virtual memory scanning (vmscan) and page reclaim logic. The issue arises in the function throttle_direct_reclaim(), which is responsible for reclaiming memory pages when the system is under memory pressure. The vulnerability is caused by an incorrect assessment of memory zone reclaimability, leading to an infinite loop in throttle_direct_reclaim().

The root cause is that the function allow_direct_reclaim(pgdat) can repeatedly return false because the node's memory zones are incorrectly deemed balanced. This happens because the zone_reclaimable_pages() function does not account for free pages (NR_FREE_PAGES) when no other reclaimable pages (inactive/active file-backed or anonymous pages) are present. In the example provided, ZONE_DMA32 has a significant number of free pages but zero reclaimable pages, causing it to be skipped as unreclaimable. Meanwhile, another zone, ZONE_NORMAL, remains under memory pressure, but the overall node is considered balanced due to the free pages in ZONE_DMA32. This misclassification prevents the increment of kswapd_failures, a counter used to indicate memory reclaim failures, and causes the system to incorrectly believe memory pressure is resolved. Consequently, throttle_direct_reclaim() loops infinitely, as allow_direct_reclaim() never returns true, leading to a kernel hang or system freeze.

The patch for this vulnerability modifies zone_reclaimable_pages() to include free pages in its reclaimable pages calculation when no other reclaimable pages are available. This ensures zones with free pages are not mistakenly skipped, allowing proper node balancing and preventing infinite loops in memory reclaim operations.

The vulnerability affects Linux kernel versions identified by the commit hash 5a1c84b404a7176b8b36e2a0041b6f0adb3151a3 and similar. It does not require user interaction or authentication to trigger but depends on specific memory pressure conditions and system configurations, such as the absence of swap space. It can cause system hangs, severely impacting availability.
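The zone-skipping behaviour and its fix can be followed in a small userspace model. This is an added example, not kernel code or code from the patch: the struct, the function names and the `patched` switch are hypothetical, the throttle check is a simplification of the upstream allow_direct_reclaim() logic (sum of min watermarks, half-reserve threshold, MAX_RECLAIM_RETRIES), and the Normal zone's free-page count is a constructed value, since the description does not give the snapshot values.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_RECLAIM_RETRIES 16

/* Simplified per-zone counters; a userspace model, not kernel structures. */
struct zone_model {
    const char *name;
    unsigned long min_wmark, nr_free, nr_file, nr_anon;
};

/* Model of zone_reclaimable_pages(); `patched` selects the fixed behaviour. */
static unsigned long reclaimable_pages(const struct zone_model *z,
                                       bool have_swap, bool patched)
{
    unsigned long nr = z->nr_file;
    if (have_swap)              /* anon pages count only when swap exists */
        nr += z->nr_anon;
    if (patched && nr == 0)     /* the fix: fall back to NR_FREE_PAGES */
        nr = z->nr_free;
    return nr;
}

/* Model of allow_direct_reclaim(): false keeps the allocating task throttled. */
static bool allow_direct_reclaim_model(const struct zone_model *zones, int n,
                                       int kswapd_failures, bool have_swap,
                                       bool patched)
{
    unsigned long reserve = 0, free_pages = 0;
    if (kswapd_failures >= MAX_RECLAIM_RETRIES)
        return true;            /* kswapd has given up: stop throttling */
    for (int i = 0; i < n; i++) {
        if (!reclaimable_pages(&zones[i], have_swap, patched))
            continue;           /* zone deemed unreclaimable and skipped */
        reserve += zones[i].min_wmark;
        free_pages += zones[i].nr_free;
    }
    if (!reserve)
        return true;
    return free_pages > reserve / 2;
}

/* Watermarks and DMA32 counters follow the crash dump; DMA32 file pages are 0
 * because the description says the snapshot sum is zero. The Normal zone's
 * free count (20) is constructed for illustration. */
static const struct zone_model node4[] = {
    { "DMA32",  11, 359,   0, 18813 },
    { "Normal", 68,  20, 813, 94671 },
};

int main(void)
{
    printf("unpatched: %d\n", allow_direct_reclaim_model(node4, 2, 0, false, false));
    printf("patched:   %d\n", allow_direct_reclaim_model(node4, 2, 0, false, true));
    return 0;
}
```

With no swap and kswapd_failures at 0, the unpatched model never counts DMA32's 359 free pages and keeps returning false; with the fallback the same node passes the check.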
Potential Impact
For European organizations, the impact of CVE-2024-57884 can be significant, especially for those relying heavily on Linux-based infrastructure, including servers, cloud environments, and embedded systems. The vulnerability can cause kernel hangs and system freezes due to infinite loops in memory reclaim functions, leading to denial of service (DoS). This can disrupt critical business operations, affect service availability, and cause downtime. Organizations running Linux kernels with the affected versions and configurations lacking swap space are particularly vulnerable. This includes data centers, cloud service providers, and enterprises using Linux for high-performance computing or container orchestration platforms like Kubernetes. The inability to reclaim memory properly under pressure can degrade system performance and reliability. Given the widespread use of Linux in European public sector institutions, financial services, telecommunications, and manufacturing, the vulnerability poses a risk to critical infrastructure and services. Prolonged system hangs could lead to operational disruptions, financial losses, and reputational damage. Additionally, recovery from such hangs may require manual intervention or system reboots, increasing operational overhead.
Mitigation Recommendations
1. Apply the official Linux kernel patch that addresses CVE-2024-57884 as soon as it becomes available. Monitor Linux kernel mailing lists and vendor advisories for updates.
2. Upgrade to a Linux kernel version that includes the fix for this vulnerability. If immediate upgrade is not feasible, consider backporting the patch if supported by your distribution.
3. Configure systems to use swap space where possible. The vulnerability is exacerbated in systems without swap, so enabling swap can reduce the likelihood of triggering the infinite loop.
4. Monitor system memory usage and kernel logs for signs of memory pressure or reclaim failures. Implement alerting for unusual kernel scheduling delays or system responsiveness issues.
5. For critical systems, implement redundancy and failover mechanisms to minimize impact from potential kernel hangs.
6. Test kernel updates in staging environments to ensure stability and compatibility before production deployment.
7. Engage with Linux distribution vendors for security advisories and recommended mitigation steps tailored to your environment.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-01-11T14:45:42.024Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9822c4522896dcbde96b
Added to database: 5/21/2025, 9:08:50 AM
Last enriched: 6/28/2025, 8:40:18 AM
Last updated: 8/12/2025, 6:02:07 AM